X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=f7d35c3447df70f49d5f871fc7f80e6a3c848638;hp=c076a5fe80e730614300cfd133269acf3a287ef0;hb=b62292bbe3f21887dc5ee4353ca9cf675f9aa3f3;hpb=c1cf157116de7fc3da96203aa6f03c38c7ebb650 diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp index c076a5fe..f7d35c34 100644 --- a/src/core/sslserver.cpp +++ b/src/core/sslserver.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2018 by the Quassel Project * + * Copyright (C) 2005-2020 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -20,17 +20,12 @@ #include "sslserver.h" -#ifdef HAVE_SSL -# include -#endif - #include +#include -#include "logmessage.h" +#include "core.h" #include "quassel.h" -#ifdef HAVE_SSL - SslServer::SslServer(QObject* parent) : QTcpServer(parent) { 
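Review bot: `#include "core.h"` is added, but no line in the visible hunks of this file references Core; if the include exists only to bring the MetricsServer type used by setMetricsServer into scope, including that type's own header (or relying on a forward declaration in sslserver.h, if there is one) would keep this translation unit's dependency on the whole core smaller. The targets of the neighbouring `#include` lines were lost in rendering, so I cannot tell whether a Qt header was also swapped in the same hunk.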
@@ -54,36 +49,27 @@ SslServer::SslServer(QObject* parent)
 // Initialize the certificates for first-time usage
 if (!loadCerts()) {
 if (!sslWarningShown) {
- quWarning() << "SslServer: Unable to set certificate file\n"
- << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
- << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
+ qWarning() << "SslServer: Unable to set certificate file\n"
+ << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
+ << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
 sslWarningShown = true;
 }
 }
 }
-QTcpSocket* SslServer::nextPendingConnection()
-{
- if (_pendingConnections.isEmpty())
- return nullptr;
- else
- return _pendingConnections.takeFirst();
-}
-
 void SslServer::incomingConnection(qintptr socketDescriptor)
 {
- auto* serverSocket = new QSslSocket(this);
- if (serverSocket->setSocketDescriptor(socketDescriptor)) {
+ auto* socket = new QSslSocket(this);
+ if (socket->setSocketDescriptor(socketDescriptor)) {
 if (isCertValid()) {
- serverSocket->setLocalCertificate(_cert);
- serverSocket->setPrivateKey(_key);
- serverSocket->addCaCertificates(_ca);
+ socket->setLocalCertificate(_cert);
+ socket->setPrivateKey(_key);
+ socket->addCaCertificates(_ca);
 }
- _pendingConnections << serverSocket;
- emit newConnection();
+ addPendingConnection(socket);
 }
 else {
- delete serverSocket;
+ delete socket;
 }
 }
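Review bot: When `isCertValid()` is false the QSslSocket is still handed to `addPendingConnection(socket)` without a local certificate or key, so a TLS handshake on it can only fail and whoever takes it from `nextPendingConnection()` has to treat it as plaintext-only; that was already the behaviour before this commit, but now that the custom queue is gone it deserves a comment, e.g. `// No usable certificate: the socket is still queued, but it can only be used unencrypted.` With the `nextPendingConnection()` override removed, callers now receive a `QTcpSocket*` from `QTcpServer::nextPendingConnection()` and need a `qobject_cast<QSslSocket*>` before calling TLS-specific methods — those callers are outside this diff, so please confirm they do. The switch from `quWarning()` to `qWarning()` here and in the later hunks presumably relies on a Qt message handler installed elsewhere to keep these certificate warnings in the core log; if none is installed they only reach stderr.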
@@ -102,14 +88,14 @@ bool SslServer::reloadCerts()
 // Reloading certificates currently only occur in response to a request. Always print an
 // error if something goes wrong, in order to simplify checking if it's working.
 if (isCertValid()) {
- quWarning() << "SslServer: Unable to reload certificate file, reverting\n"
- << " Quassel Core will use the previous key to provide SSL for client connections.\n"
- << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
+ qWarning() << "SslServer: Unable to reload certificate file, reverting\n"
+ << " Quassel Core will use the previous key to provide SSL for client connections.\n"
+ << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
 }
 else {
- quWarning() << "SslServer: Unable to reload certificate file\n"
- << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
- << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
+ qWarning() << "SslServer: Unable to reload certificate file\n"
+ << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
+ << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.";
 }
 return false;
 }
@@ -129,19 +115,19 @@ bool SslServer::setCertificate(const QString& path, const QString& keyPath)
 QFile certFile(path);
 if (!certFile.exists()) {
- quWarning() << "SslServer: Certificate file" << qPrintable(path) << "does not exist";
+ qWarning() << "SslServer: Certificate file" << qPrintable(path) << "does not exist";
 return false;
 }
 if (!certFile.open(QIODevice::ReadOnly)) {
- quWarning() << "SslServer: Failed to open certificate file" << qPrintable(path) << "error:" << certFile.error();
+ qWarning() << "SslServer: Failed to open certificate file" << qPrintable(path) << "error:" << certFile.error();
 return false;
 }
 QList certList = QSslCertificate::fromDevice(&certFile);
 if (certList.isEmpty()) {
- quWarning() << "SslServer: Certificate file doesn't contain a certificate";
+ qWarning() << "SslServer: Certificate file doesn't contain a certificate";
 return false;
 }
@@ -152,7 +138,7 @@ bool SslServer::setCertificate(const QString& path, const QString& keyPath)
 untestedCA = certList;
 if (!certFile.reset()) {
- quWarning() << "SslServer: IO error reading certificate file";
+ qWarning() << "SslServer: IO error reading certificate file";
 return false;
 }
@@ -160,12 +146,12 @@ bool SslServer::setCertificate(const QString& path, const QString& keyPath)
 if (path != keyPath) {
 QFile keyFile(keyPath);
 if (!keyFile.exists()) {
- quWarning() << "SslServer: Key file" << qPrintable(keyPath) << "does not exist";
+ qWarning() << "SslServer: Key file" << qPrintable(keyPath) << "does not exist";
 return false;
 }
 if (!keyFile.open(QIODevice::ReadOnly)) {
- quWarning() << "SslServer: Failed to open key file" << qPrintable(keyPath) << "error:" << keyFile.error();
+ qWarning() << "SslServer: Failed to open key file" << qPrintable(keyPath) << "error:" << keyFile.error();
 return false;
 }
@@ -179,27 +165,32 @@ bool SslServer::setCertificate(const QString& path, const QString& keyPath)
 certFile.close();
 if (untestedCert.isNull()) {
- quWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
+ qWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
 return false;
 }
 // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
 const QDateTime now = QDateTime::currentDateTime();
 if (now < untestedCert.effectiveDate()) {
- quWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString();
+ qWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString();
 }
 else if (now > untestedCert.expiryDate()) {
- quWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString();
+ qWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString();
 }
 else if (untestedCert.isBlacklisted()) {
- quWarning() << "SslServer: Certificate blacklisted";
+ qWarning() << "SslServer: Certificate blacklisted";
 }
 if (untestedKey.isNull()) {
- quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data";
+ qWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data";
 return false;
 }
+ _certificateExpires = untestedCert.expiryDate();
+ if (_metricsServer) {
+ _metricsServer->setCertificateExpires(_certificateExpires);
+ }
+
 _isCertValid = true;
 // All keys are valid, update the externally visible copy used for new connections.
@@ -216,7 +207,7 @@ QSslKey SslServer::loadKey(QFile* keyFile)
 key = QSslKey(keyFile, QSsl::Rsa);
 if (key.isNull()) {
 if (!keyFile->reset()) {
- quWarning() << "SslServer: IO error reading key file";
+ qWarning() << "SslServer: IO error reading key file";
 return key;
 }
 key = QSslKey(keyFile, QSsl::Ec);
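Review bot: `_certificateExpires = untestedCert.expiryDate();` records only the leaf certificate's expiry; if the certificate file also carries chain certificates (the `untestedCA` list filled earlier in this function), an intermediate that expires before the leaf would not be reflected in the metric, which is worth stating next to the assignment, e.g. `// Leaf certificate expiry only; chain certificates in _ca are not tracked.` Recording the expiry even when the certificate is already expired or not yet valid (the branches just above only warn) is the right choice for monitoring, and a one-line comment saying so would keep someone from "fixing" it later. Because the assignment sits after the last `return false`, a failed reload leaves the previous value in place, which is consistent with the revert path in reloadCerts() keeping the previous key. The enclosing setCertificate() starts before and ends after this hunk.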
@@ -224,4 +215,9 @@ QSslKey SslServer::loadKey(QFile* keyFile)
 return key;
 }
-#endif // HAVE_SSL
+void SslServer::setMetricsServer(MetricsServer* metricsServer) {
+ _metricsServer = metricsServer;
+ if (_metricsServer) {
+ _metricsServer->setCertificateExpires(_certificateExpires);
+ }
+}
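Review bot: The opening brace of `setMetricsServer` sits on the signature line, whereas every other definition in this file (e.g. `incomingConnection` above) puts it on its own line; `void SslServer::setMetricsServer(MetricsServer* metricsServer)` followed by `{` on the next line would match. `_metricsServer` is stored as a raw non-owning pointer and dereferenced later from setCertificate(), so the lifetime contract (the MetricsServer must outlive this SslServer, or be detached with `setMetricsServer(nullptr)`) should be documented on the declaration; if MetricsServer is a QObject, a `QPointer<MetricsServer>` member would rule out a dangling pointer altogether. The push of `_certificateExpires` here is unconditional, so when no certificate has been loaded the metrics server receives whatever the member's initial value is — if that is a default-constructed (invalid) QDateTime the consumer must cope with it, otherwise guard the call with `if (_metricsServer && _isCertValid)`. The header holding the declaration and its initializer is not part of this diff, so I cannot confirm which case applies.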